[Users] iptables -m recent does not work in the container

Stanichenko Marat mstanichenko at openvz.org
Tue Oct 14 07:25:25 EDT 2008


Aleksandar Ivanisevic wrote on 14.10.2008 13:17:
> I'm trying to implement a simple defense against ssh brute force
> attacks.
>
> iptables -N SSH_Brute_Force
> iptables -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name SSH --rsource -j SSH_Brute_Force
> iptables -A SSH_Brute_Force -m recent ! --rcheck --seconds 60 --hitcount 2 --name SSH --rsource -j RETURN
> iptables -A SSH_Brute_Force -p tcp -j DROP
>
> this should allow only 1 SYN in 60 seconds to port 22 and it works
> perfectly on the host, but not in a container.
>
> both are Centos 5.2, fully patched, kernel 2.6.18-92.1.1.el5.028stab057.2PAE
>
> in the syslog I see:
>
> Oct 14 11:06:41 xxx modprobe: FATAL: Could not load /lib/modules/2.6.18-92.1.1.el5.028stab057.2PAE/modules.dep: No such file or directory
>
> looks like it's trying to load something, but shouldn't it use a module
> in a host kernel instead?
>
> Any ideas?
>
>
> _______________________________________________
> Users mailing list
> Users at openvz.org
> https://openvz.org/mailman/listinfo/users
Hello,

please make sure that xt_state and ipt_recent modules are loaded on the HN.


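As an added example that is not part of the original thread, a small POSIX shell script covering both points above: it checks lsmod output on the HN for the two modules named in the reply, and simulates the recent-module rule set from the question to show which SYNs from one source get accepted or dropped within the 60-second window. The sample lsmod text is constructed for illustration, and the simulation assumes the kernel semantics that --set records every NEW SYN and --rcheck counts the current packet among the hits.

```shell
#!/bin/sh
# Added example, not code from the thread. Two helpers:
#  missing_modules - read lsmod-style text on stdin and print which of the
#                    modules required by the rule set (xt_state for -m state,
#                    ipt_recent for -m recent) are not loaded. On OpenVZ this
#                    must be checked on the hardware node, because the
#                    container shares the HN kernel and cannot load modules.
#  recent_filter   - simulate the rule set: each NEW SYN is recorded (--set),
#                    then dropped when the source already has HITCOUNT
#                    timestamps within SECONDS (the current packet included).

missing_modules() {
    lsmod_text=$(cat)
    for m in xt_state ipt_recent; do
        if ! printf '%s\n' "$lsmod_text" | awk -v m="$m" '$1 == m { f = 1 } END { exit !f }'; then
            printf '%s\n' "$m"
        fi
    done
}

# Usage: recent_filter SECONDS HITCOUNT t1 t2 ...   (ascending timestamps, seconds)
# Prints one verdict per SYN, space separated, e.g. "ACCEPT DROP".
recent_filter() {
    window=$1; limit=$2; shift 2
    seen=""; out=""
    for now in "$@"; do
        seen="$seen $now"                 # --set: record this packet's time
        hits=0
        for ts in $seen; do               # --rcheck: count hits in the window
            if [ $((now - ts)) -le "$window" ]; then hits=$((hits + 1)); fi
        done
        if [ "$hits" -ge "$limit" ]; then verdict=DROP; else verdict=ACCEPT; fi
        out="$out${out:+ }$verdict"
    done
    printf '%s\n' "$out"
}

# Constructed lsmod output: xt_state is loaded, ipt_recent is not.
SAMPLE_LSMOD='Module                  Size  Used by
xt_state                6976  2
ip_conntrack           53153  1 xt_state'

printf 'Missing on HN: %s\n' "$(printf '%s\n' "$SAMPLE_LSMOD" | missing_modules)"
# Four SYNs from one source at t=0, 30, 70 and 200 seconds.
printf 'Verdicts:      %s\n' "$(recent_filter 60 2 0 30 70 200)"
```

Note that because --set runs on every SYN, the retry at t=70 is still dropped (t=30 is inside its window); a source only gets through again after a full 60 seconds of silence.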